search

Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License
552 stars 420 forks source link

[Bug]: Unable to use custom Okta URL #3104

Open jmeekinsint opened 1 month ago

jmeekinsint commented 1 month ago

Terraform CLI Version

1.7.3

Terraform Provider Version

0.95.0

Terraform Configuration

provider "snowflake" {
  user               = "svc_account" # required if not using profile or token. Can also be set via SNOWFLAKE_USER env var
  password               = "svc_account_password"
  authenticator     = "Okta"
  okta_url = "https://myapps.custom.com"
  role      = "APP_ADMIN"
  account = "xxxxxx.us-east-1" # Specify the Snowflake account and region
}

Category

category:provider_config

Object type(s)

No response

Expected Behavior

Ability to authentication using service account

Actual Behavior

Planning failed. Terraform encountered an error while generating this plan.

╷ │ Error: open snowflake connection: 260011: failed to parse an authenticator: https://myapps.custom.com │ │ with provider["registry.terraform.io/snowflake-labs/snowflake"], │ on main.tf line 24, in provider "snowflake": │ 24: provider "snowflake" { │ ╵

Steps to Reproduce

Copy terraform provider information from problem.

Run terraform plan

IF you change url to have *.okta.com you get a different error - The specified authenticator is not accepted by your Snowflake account configuration. Please contact your local system administrator to get the correct URL to use.

How much impact is this issue causing?

Medium

Logs

No response

Additional Information

No response

Would you like to implement a fix?

sfc-gh-jmichalak commented 1 month ago

Hi @jmeekinsint 👋 Okta URL host needs to to have a suffix okta.com (from the driver documentation):

To authenticate through Okta, specify https://.okta.com (URL prefix for Okta).

We are currently reworking the provider configuration, and we will adjust our documentation to be more descriptive. About the second error, have you followed the instructions at https://docs.snowflake.com/en/user-guide/oauth-okta? It looks like a misconfiguration on your side, because this error comes from Snowflake.

sfc-gh-jmichalak commented 1 week ago

Hi @jmeekinsint 👋

We've released a new v0.98.0 version (release, migration guide) with updated configuration documentation.